Date: Tue, 9 Sep 2003 16:09:35 +0000
From: Alexander.Farber@t-online.de (Alexander Farber)
To: freebsd-questions@freebsd.org
Subject: Re: Spoofing, defense?
Message-ID: <20030909160935.GA13801@pref.my.domain>
In-Reply-To: <003301c3756e$dd43b440$f4f0a8c0@pcmedx.com>
References: <004001c37540$cdf13680$0400a8c0@fire> <002201c37543$49d01c60$0100a8c0@guilmot2cimcs9> <003301c3756e$dd43b440$f4f0a8c0@pcmedx.com>
I've always wondered why write firewall rules blocking some IP addresses
(like those at the bottom of this mail). Doesn't it make more sense only
to allow connections addressed to the external IP of your firewall, like

        block in on rl0 from any to any
        pass in quick on rl0 from any to $myExtIP www
        pass in quick on rl0 from any to $myExtIP ssh

Regards
Alex

On Sun, Sep 07, 2003 at 11:35:51AM -0700, Mike Maltese wrote:
> A complete list of valid address ranges can be found at
> http://www.iana.org/assignments/ipv4-address-space.
>
>
> Alex Zivenko wrote:
>
> > Everybody knows what spoofing is.

P.S. Really? ;-)

> > In my firewall I prevent it like:
> >
> > # Anti-spoof, no logging [ I hate reading them ;-) ]
> >
> > block in quick on rl0 from 192.168.0.0/16 to any    #RFC 1918 private IP
> > block in quick on rl0 from 172.16.0.0/12 to any     #RFC 1918 private IP
> > block in quick on rl0 from 10.0.0.0/8 to any        #RFC 1918 private IP
> > block in quick on rl0 from 127.0.0.0/8 to any       #loopback
> > block in quick on rl0 from 0.0.0.0/8 to any         #loopback
> > block in quick on rl0 from 169.254.0.0/16 to any    #DHCP auto-config
> > block in quick on rl0 from 192.0.2.0/24 to any      #reserved for doc's
> > block in quick on rl0 from 204.152.64.0/23 to any   #Sun cluster
> > block in quick on rl0 from 224.0.0.0/3 to any       #Class D & E multicast
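The message above weighs a default-deny ruleset against a list of anti-spoof block rules. The Python model below is an added example, not code from the thread: it applies ipf's matching order (last match wins unless a matching rule says quick; an unmatched packet is passed) to both rulesets and shows that the default-deny set on its own still admits a packet with a private source address aimed at the allowed ports, while putting the anti-spoof blocks first closes that. The external address 203.0.113.10 and the sample packets are constructed, and www/ssh are taken as ports 80/22.

```python
import ipaddress

MY_EXT_IP = "203.0.113.10"  # constructed external address for the example

# The anti-spoof source ranges from Alex Zivenko's rule list.
ANTI_SPOOF_NETS = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
                   "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",
                   "192.0.2.0/24", "204.152.64.0/23", "224.0.0.0/3"]

def rule(action, quick, src="any", dst="any", dport=None):
    """One 'in on rl0' rule; the interface is the same for all, so it is omitted."""
    return {"action": action, "quick": quick,
            "src": None if src == "any" else ipaddress.ip_network(src),
            "dst": None if dst == "any" else ipaddress.ip_network(dst),
            "dport": dport}

def matches(r, pkt):
    src, dst, dport = pkt
    if r["src"] is not None and ipaddress.ip_address(src) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(dst) not in r["dst"]:
        return False
    return r["dport"] is None or r["dport"] == dport

def evaluate(rules, pkt):
    """ipf semantics: the last matching rule wins, unless a matching rule is
    'quick', which stops evaluation; a packet matching no rule is passed."""
    verdict = "pass"
    for r in rules:
        if matches(r, pkt):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

# Alex Farber's proposal: default deny, then allow www and ssh to the firewall.
DEFAULT_DENY = [rule("block", False),
                rule("pass", True, "any", MY_EXT_IP, 80),
                rule("pass", True, "any", MY_EXT_IP, 22)]

# Alex Zivenko's anti-spoof blocks, each 'block in quick'.
ANTI_SPOOF = [rule("block", True, net) for net in ANTI_SPOOF_NETS]

# Both together, anti-spoof first so its 'quick' fires before any pass rule.
COMBINED = ANTI_SPOOF + DEFAULT_DENY

if __name__ == "__main__":
    spoofed = ("10.0.0.5", MY_EXT_IP, 80)  # constructed: private source, web port
    print("default-deny:", evaluate(DEFAULT_DENY, spoofed), "combined:", evaluate(COMBINED, spoofed))
```

The spoofed packet passes the default-deny set because the non-quick block is overridden by the later quick pass to $myExtIP www, so the two approaches complement each other rather than replace each other.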
